三、docker 命令帮助
Docker 应用
三、docker 命令帮助
Docker 应用

三、docker 命令帮助

docker 命令是最常用的docker客户端命令,其后面可以加不同的参数以实现不同的功能,docker命令有很多子命令,可以用下面的方法查看帮助

#docker 命令帮助
man docker
docker
docker --help

#docker 子命令帮助
man docker SUBCOMMAND
docker SUBCOMMAND --help

官方文档:https://docs.docker.com/reference/

范例:查看docker命令帮助

[root@zhouqihao ~]# docker --help

Usage:  docker [OPTIONS] COMMAND

A self-sufficient runtime for containers

Options:
      --config string      Location of client config files (default "/root/.docker")
  -c, --context string     Name of the context to use to connect to the daemon (overrides DOCKER_HOST env var and default context set with "docker context use")
  -D, --debug              Enable debug mode
  -H, --host list          Daemon socket(s) to connect to
  -l, --log-level string   Set the logging level ("debug"|"info"|"warn"|"error"|"fatal") (default "info")
      --tls                Use TLS; implied by --tlsverify
      --tlscacert string   Trust certs signed only by this CA (default "/root/.docker/ca.pem")
      --tlscert string     Path to TLS certificate file (default "/root/.docker/cert.pem")
      --tlskey string      Path to TLS key file (default "/root/.docker/key.pem")
      --tlsverify          Use TLS and verify the remote
  -v, --version            Print version information and quit

Management Commands:
  app*        Docker App (Docker Inc., v0.9.1-beta3)
  builder     Manage builds
  buildx*     Build with BuildKit (Docker Inc., v0.6.1-docker)
  config      Manage Docker configs
  container   Manage containers
  context     Manage contexts
  image       Manage images
  manifest    Manage Docker image manifests and manifest lists
  network     Manage networks
  node        Manage Swarm nodes
  plugin      Manage plugins
  scan*       Docker Scan (Docker Inc., v0.8.0)
  secret      Manage Docker secrets
  service     Manage services
  stack       Manage Docker stacks
  swarm       Manage Swarm
  system      Manage Docker
  trust       Manage trust on Docker images
  volume      Manage volumes

Commands:
  attach      Attach local standard input, output, and error streams to a running container
  build       Build an image from a Dockerfile
  commit      Create a new image from a container's changes
  cp          Copy files/folders between a container and the local filesystem
  create      Create a new container
  diff        Inspect changes to files or directories on a container's filesystem
  events      Get real time events from the server
  exec        Run a command in a running container
  export      Export a container's filesystem as a tar archive
  history     Show the history of an image
  images      List images
  import      Import the contents from a tarball to create a filesystem image
  info        Display system-wide information
  inspect     Return low-level information on Docker objects
  kill        Kill one or more running containers
  load        Load an image from a tar archive or STDIN
  login       Log in to a Docker registry
  logout      Log out from a Docker registry
  logs        Fetch the logs of a container
  pause       Pause all processes within one or more containers
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image or a repository from a registry
  push        Push an image or a repository to a registry
  rename      Rename a container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Remove one or more images
  run         Run a command in a new container
  save        Save one or more images to a tar archive (streamed to STDOUT by default)
  search      Search the Docker Hub for images
  start       Start one or more stopped containers
  stats       Display a live stream of container(s) resource usage statistics
  stop        Stop one or more running containers
  tag         Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
  top         Display the running processes of a container
  unpause     Unpause all processes within one or more containers
  update      Update configuration of one or more containers
  version     Show the Docker version information
  wait        Block until one or more containers stop, then print their exit codes

Run 'docker COMMAND --help' for more information on a command.

To get more help with docker, check out our guides at https://docs.docker.com/go/guides/

3.1 验证docker信息

[root@zhouqihao ~]# docker info
Client:
 Context:    default
 Debug Mode: false      #client端是否开启debug
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.6.1-docker)
  scan: Docker Scan (Docker Inc., v0.8.0)

Server:
 Containers: 2   #当前主机运行的容器总数   
  Running: 2     #正在运行的容器数量
  Paused: 0      #暂停的容器数量
  Stopped: 0     #停止的容器的数量
 Images: 83      #当前服务器的镜像数量
 Server Version: 20.10.8       #服务端的版本
 Storage Driver: overlay2      #正在使用的存储引擎
  Backing Filesystem: xfs      #后端文件系统,即服务器的磁盘文件系统
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs        #Cgroups类型
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: e25210fe30a0a703442421b0f60afac609f950a3
 runc version: v1.0.1-0-g4144b63
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
 Registry Mirrors:
  https://hub-mirror.c.163.com/

3.2 docker存储引擎

官方文档关于存储引擎的相关文档:

https://docs.docker.com/storage/storagedriver/

https://docs.docker.com/storage/storagedriver/select-storage-driver/

  • AUFS: (AnotherUnionFS)是一种 Union FS ,是文件级的存储驱动。所谓 UnionFS就是把不同物理位置的目录合并 mount 到同一个目录中。简单来说就是支持将不同目录挂载到一个虚拟文件系统下的。这种可以层层地叠加修改文件。无论底下有多少都是只读的,最上系统可写的。当需要修改一个文件时, AUFS 创建该文件的一个副本,使用 CoW 将文件从只读层复制到可写进行修
    改,结果也保存在Docker 中,底下的只读层就是 image,可写层就是 Container,是 Docker18.06 及更早版本的首选存储驱动程序,在内核 3.13 上运行 Ubuntu 14.04 时不支持 overlay2
  • Overlay: 一种 Union FS 文件系统, Linux 内核 3.18 后支持
  • Overlay2: Overlay 的升级版,到目前为止,所有 Linux 发行版推荐使用的存储类 型,也是docker默认使用的存储引擎为overlay2,需要磁盘分区支持d-type功能,因此需要系统磁盘的额外支持.相对AUFS来说Overlay2 有以下优势: 1) 更简单地设计;2) 从3.18开始,就进入了Linux内核主线;3) 资源消耗更少
  • devicemapper: 因为早期CentOS和RHEL版本内核版本不支持 overlay2,默认使用的存储驱动程序,最大数据容量只支持100GB且性能不佳,当前较新版本的CentOS 已经支持overlay2, 因此推荐使用 overlay2
  • ZFS(Sun -2005)/btrfs(Oracle-2007): 目前没有广泛使用
  • vfs: 用于测试环境,适用于无法使用 copy-on -writewrite 时的情况。 此存储驱动程序的性能很差,通常不建议用于生产

Docker官方推荐首选存储引擎为overlay2,其次为devicemapper,但是devicemapper存在使用空间方面的一些限制,虽然可以通过后期配置解决,但是官方依然推荐使用overlay2

aufs范例:

#确认是否支持aufs
root@ubuntu-2010:~# grep -i aufs /boot/config-5.8.0-63-generic 
CONFIG_AUFS_FS=m
CONFIG_AUFS_BRANCH_MAX_127=y
# CONFIG_AUFS_BRANCH_MAX_511 is not set
# CONFIG_AUFS_BRANCH_MAX_1023 is not set
# CONFIG_AUFS_BRANCH_MAX_32767 is not set
CONFIG_AUFS_SBILIST=y
# CONFIG_AUFS_HNOTIFY is not set
CONFIG_AUFS_EXPORT=y
CONFIG_AUFS_INO_T_64=y
CONFIG_AUFS_XATTR=y
# CONFIG_AUFS_FHSM is not set
# CONFIG_AUFS_RDU is not set
CONFIG_AUFS_DIRREN=y
# CONFIG_AUFS_SHWH is not set
# CONFIG_AUFS_BR_RAMFS is not set
# CONFIG_AUFS_BR_FUSE is not set
CONFIG_AUFS_BR_HFSPLUS=y
CONFIG_AUFS_BDEV_LOOP=y
# CONFIG_AUFS_DEBUG is not set

root@ubuntu-2010:~# mkdir dir{1,2}
root@ubuntu-2010:~# echo "here is dir1" > dir1/test1
root@ubuntu-2010:~# echo "here is dir2" > dir2/test2
root@ubuntu-2010:~# mkdir aufs
root@ubuntu-2010:~# mount -t aufs -o br=/root/dir1=ro:/root/dir2=rw none /root/aufs
root@ubuntu-2010:~# ll aufs/
total 16
drwxr-xr-x 4 root root 4096 Sep 16 09:08 ./
drwx------ 9 root root 4096 Sep 16 09:08 ../
-rw-r--r-- 1 root root   13 Sep 16 09:08 test1
-rw-r--r-- 1 root root   13 Sep 16 09:08 test2
root@ubuntu-2010:~# cat aufs/test1
here is dir1
root@ubuntu-2010:~# cat aufs/test2
here is dir2
root@ubuntu-2010:~# df -T
Filesystem     Type  1K-blocks    Used Available Use% Mounted on
tmpfs          tmpfs    399728    1616    398112   1% /run
/dev/sda3      ext4   20511312 6937588  12508764  36% /
tmpfs          tmpfs   1998636       0   1998636   0% /dev/shm
tmpfs          tmpfs      5120       0      5120   0% /run/lock
tmpfs          tmpfs      4096       0      4096   0% /sys/fs/cgroup
/dev/sda2      ext4     999320  115268    815240  13% /boot
/dev/sda5      ext4   25668836   45080  24296808   1% /data
tmpfs          tmpfs    399724       4    399720   1% /run/user/0
none           aufs   20511312 6937588  12508764  36% /root/aufs

范例:修改存储引擎,注意切换存储引擎后原来的images和容器会丢失

root@ubuntu-2010:~# docker info | grep "Storage Driver"
 Storage Driver: overlay2
root@ubuntu-2010:~# systemctl stop docker
Warning: Stopping docker.service, but it can still be activated by:
  docker.socket
root@ubuntu-2010:~# vim /etc/docker/daemon.json 
root@ubuntu-2010:~# cat /etc/docker/daemon.json 
{
    "storage-driver": "aufs"
}
root@ubuntu-2010:~# systemctl restart docker
root@ubuntu-2010:~# docker info | grep aufs
WARNING: the aufs storage-driver is deprecated, and will be removed in a future release.
 Storage Driver: aufs
  Root Dir: /var/lib/docker/aufs

3.3 docker的进程关系

docker运行服务以及容器后有四个进程:

  • dockerd: 被client直接访问,其父进程为宿主机的systemd守护进程。
  • docker-proxy: 每个进程docker-proxy实现对应一个需要网络通信的容器,管理宿主机和容器的之间端口映射,其父进程为dockerd,如果容器不需要网络则无需启动
  • containerd: 被dockerd进程调用以实现与runc交互
  • containerd-shim: 真正运行容器的载体,每个容器对应一个containerd-shim进程,其父进程为containerd

发表回复

您的邮箱地址不会被公开。 必填项已用 * 标注